#
cb1d78d0 |
| 12-Sep-2008 |
Konstantin Belousov <kib@FreeBSD.org> |
The user_ldt_alloc() function shall return with dt_lock locked. The user_ldt_free() function shall return with dt_lock unlocked. Error handling code in both functions do not handle this, fix it by do
The user_ldt_alloc() function shall return with dt_lock locked. The user_ldt_free() function shall return with dt_lock unlocked. Error handling code in both functions do not handle this, fix it by doing necessary lock/unlock.
While there, fix minor style nits.
MFC after: 1 week
show more ...
|
#
56d456a5 |
| 12-Sep-2008 |
Konstantin Belousov <kib@FreeBSD.org> |
Remove warning about static LDT segment allocation. Applications continue using it after ~7 years since warning was introduced, and there is no reason to discourage them.
MFC after: 1 week
|
Revision tags: vendor/gdtoa/20080831, vendor/bind9/9.3.5-P2, vendor/bind9/9.4.2-P2, vendor/sendmail/8.14.3, vendor/ath/0.10.5.10, vendor/ntp/4.2.4p5 |
|
#
93ee134a |
| 15-Aug-2008 |
Kip Macy <kmacy@FreeBSD.org> |
Integrate support for xen in to i386 common code.
MFC after: 1 month
|
Revision tags: vendor/tzdata/tzdata2008e, vendor/tzdata/tzdata2008d, vendor/tzdata/tzdata2008c, vendor/pf-sys/4.1.001, vendor/openssh/5.1p1, vendor/openssh/5.0p1, vendor/openssh/4.9p1, vendor/openssh/4.7p1, vendor/openssh/4.6p1, vendor/bind9/9.3.5-P1, vendor/bind9/9.3.5, vendor/bind9/9.4.2-P1, vendor/misc-GNU/cpio/2.8, vendor/binutils/2.15.20040523, vendor/opensolaris/20080410, vendor/ncurses/5.6-20080503, vendor/expat/2.0.1, vendor/com_err/1.1.0, vendor/heimdal/1.1.0, vendor/opensolaris/20080410a, vendor/gcc/trunk_20080418-SVN134423, vendor/netcat/4.3, vendor/tzdata/tzdata2008b, vendor/bzip2/1.0.5, vendor/misc-GNU/cvs/1.11-20080310, vendor/tcsh/6.15b |
|
#
6617724c |
| 12-Mar-2008 |
Jeff Roberson <jeff@FreeBSD.org> |
Remove kernel support for M:N threading.
While the KSE project was quite successful in bringing threading to FreeBSD, the M:N approach taken by the kse library was never developed to its full potent
Remove kernel support for M:N threading.
While the KSE project was quite successful in bringing threading to FreeBSD, the M:N approach taken by the kse library was never developed to its full potential. Backwards compatibility will be provided via libmap.conf for dynamically linked binaries and static binaries will be broken.
show more ...
|
Revision tags: vendor/tzdata/tzdata2008a, vendor/bsnmp/syrinx_20080307_bugfix, release/7.0.0_cvs, release/7.0.0, vendor/ncurses/5.6-20080209, vendor/file/4.23-r1.46, vendor/binutils/2.15.cvsrev_1_51, release/6.3.0_cvs, release/6.3.0, vendor/file/4.23, vendor/misc-GNU/cvs/1.11.22, vendor/tzdata/tzdata2007k, vendor/ncurses/5.6-20071222, vendor/openpam/HYDRANGEA, vendor/amd/6.1.5, vendor/tzdata/tzdata2007j, vendor/resolver/9.4.2, vendor/bind9/9.4.2, vendor/less/v416, vendor/less/v415, vendor/libreadline/5.2p3_p7, vendor/sendmail/8.14.2, vendor/tzdata/tzdata2007i, vendor/openbsm/1.0, vendor/one-true-awk/20071023, vendor/ipfilter/4.1.28, vendor/ipfilter-sys/4-1-28, vendor/openssl/0.9.8-20071018, vendor/tcpdump/3.9.8, vendor/libpcap/0.9.8, vendor/tcsh/6.15a, vendor/less/v409, vendor/tzdata/tzdata2007h, vendor/less/v408, vendor/tzdata/tzdata2007g, vendor/gcc/4.2.1-20070718-SVN126787, vendor/bind9/9.4.1p1, vendor/openbsm/1.0-ALPHA-15, vendor/wpa_supplicant/0.5.8, vendor/hostapd/0.5.8 |
|
#
ea11c140 |
| 08-Jul-2007 |
Attilio Rao <attilio@FreeBSD.org> |
NULL_LDT_BASE is used in !SMP kernels too and set_user_ldt() is not properly called. Address these two issues.
Reported by: Tinderbox Tested by: le Approved by: jeff (mentor) Approved by: re
|
#
05dfa22f |
| 07-Jul-2007 |
Attilio Rao <attilio@FreeBSD.org> |
Actual code shows several problems in ia32 LDT handling: - When a LDT entry changes, the old one is freed while it is still referenced by gdt and ldtr. This can lead to disruptive behaviours in
Actual code shows several problems in ia32 LDT handling: - When a LDT entry changes, the old one is freed while it is still referenced by gdt and ldtr. This can lead to disruptive behaviours in particular on SMP machines. - When a LDT entry changes, it is assumed that the only one entity sharing the same LDT are threads in the same proc. It doesn't take in account edge cases where two processes share the same VM (rfork'ed ones, for example).
This patch addresses these two problems and addictionally it fixes the usage of refcount switching back it to the old manually-grown refcount (since in this case would be faster).
Diagnosed by: tegge Tested by: pho (a former version) Reviewed by: kib Approved by: jeff (mentor) Approved by: re
show more ...
|
Revision tags: vendor/pf/4.1, vendor/pf-sys/4.1, vendor/less/v406, vendor/misc-GNU/diff/2.8.7, vendor/bind9/9.4.1, vendor/one-true-awk/20070501, vendor/ipfilter/4.1.23, vendor/ipfilter-sys/4-1-23, vendor/less/v403, vendor/resolver/9.4.1 |
|
#
02b0a160 |
| 29-May-2007 |
Attilio Rao <attilio@FreeBSD.org> |
Fix some problems introduced with the last descriptors tables locking patch: - Do the correct test for ldt allocation - Drop dt_lock just before to call kmem_free (since it acquires blocking locks
Fix some problems introduced with the last descriptors tables locking patch: - Do the correct test for ldt allocation - Drop dt_lock just before to call kmem_free (since it acquires blocking locks inside) - Solve a deadlock with smp_rendezvous() where other CPU will wait undefinitively for dt_lock acquisition. - Add dt_lock in the WITNESS list of spinlocks
While applying these modifies, change the requirement for user_ldt_free() making that returning without dt_lock held.
Tested by: marcus, tegge Reviewed by: tegge Approved by: jeff (mentor)
show more ...
|
Revision tags: vendor/file/4.21, vendor/file/4.19, vendor/tzdata/tzdata2007f |
|
#
0ad5e7f3 |
| 20-May-2007 |
Jeff Roberson <jeff@FreeBSD.org> |
- Move GDT/LDT locking into a seperate spinlock, removing the global scheduler lock from this responsibility.
Contributed by: Attilio Rao <attilio@FreeBSD.org> Tested by: jeff, kkenn
|
Revision tags: vendor/gcc/4.2.0-20070514-SVN124707 |
|
#
c14d15ae |
| 22-Apr-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Remove MAC Framework access control check entry points made redundant with the introduction of priv(9) and MAC Framework entry points for privilege checking/granting. These entry points exactly alig
Remove MAC Framework access control check entry points made redundant with the introduction of priv(9) and MAC Framework entry points for privilege checking/granting. These entry points exactly aligned with privileges and provided no additional security context:
- mac_check_sysarch_ioperm() - mac_check_kld_unload() - mac_check_settime() - mac_check_system_nfsd()
Add mpo_priv_check() implementations to Biba and LOMAC policies, which, for each privilege, determine if they can be granted to processes considered unprivileged by those two policies. These mostly, but not entirely, align with the set of privileges granted in jails.
Obtained from: TrustedBSD Project
show more ...
|
Revision tags: vendor/openbsm/1.0-ALPHA-14, vendor/libreadline/5.2p2, vendor/sendmail/8.14.1, vendor/binutils/2.15.20050217, vendor/tcpdump/3.9.1a, vendor/tcsh/6.15p1, vendor/bzip2/1.0.4, vendor/netcat/4.1, vendor/acpica/20070320, vendor/openssl/0.9.8-20070315, vendor/openssl/0.9.8e, vendor/tcsh/6.15, vendor/bind9/9.3.4, vendor/ncurses/5.6-20061217, release/6.2.0_cvs, release/6.2.0, vendor/gdtoa/20050923, vendor/libreadline/5.2p1, vendor/libreadline/5.2, vendor/resolver/9.3.4, vendor/resolver/9.3.3, vendor/ath/0.9.20.3, vendor/bind9/9.3.3, vendor/pppd/2.3.11, vendor/openssh/4.5p1 |
|
#
acd3428b |
| 06-Nov-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
show more ...
|
Revision tags: vendor/bind9/9.3.2p2, vendor/resolver/9.3.3RC2 |
|
#
aed55708 |
| 22-Oct-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitio
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
show more ...
|
Revision tags: vendor/tzdata/tzdata2006n, vendor/openssl/0.9.8-20060929, vendor/openssl/0.9.8d, vendor/openssh/4.4p1, vendor/openbsm/1.0-ALPHA-12, vendor/openbsm/1.0-ALPHA-11 |
|
#
98bf5a70 |
| 09-Sep-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Audit sysarch() operation argument.
MFC after: 3 days
|
Revision tags: vendor/bind9/9.3.2p1, vendor/tcpdump/3.9.4, vendor/libpcap/0.9.4, vendor/openbsm/1.0-ALPHA-10, vendor/openbsm/1.0-ALPHA9-kwikfix_backout, vendor/NetBSD/lukemftpd/20060831, vendor/openbsm/1.0-ALPHA9-kwikfix, vendor/gcc/3.4.6-20060825-SVN116475, vendor/openbsm/1.0-ALPHA-9, vendor/gdb/6.1.1, vendor/less/v394, vendor/sendmail/8.13.8, vendor/ipfilter/4.1.13, vendor/ipfilter-sys/4-1-13, vendor/openssl/0.9.8b, vendor/libuwx/BETA10, vendor/openbsm/1.0-ALPHA-7, vendor/OpenBSD/cvs_20060501, vendor/file/4.17a, vendor/file/4.17, vendor/sendmail/8.13.7, vendor/binutils/2.15.NOTHING, vendor/ath/0.9.17.2, vendor/openbsm/1.0-ALPHA-6, release/5.5.0_cvs, release/5.5.0, vendor/netcat/3.9, vendor/resolver/9.3.2, vendor/tzdata/tzdata2006g, release/6.1.0_cvs, release/6.1.0, vendor/libreadline/5.1p1-p4, vendor/libreadline/5.1, vendor/zlib/1.2.3, vendor/openssh/4.3p1, vendor/sendmail/8.13.6, vendor/csup/20060313, vendor/hostapd/0.4.8, vendor/wpa_supplicant/0.4.8, vendor/openbsm/1.0-ALPHA-5, vendor/csup/20060303, vendor/csup/20060302, vendor/bsnmp/1.12, vendor/tcsh/6.14, vendor/openbsm/1.0-ALPHA-4, vendor/ath/0.9.16.16, vendor/openbsm/1.0-ALPHA-3, vendor/openbsm/1.0-ALPHA-2, vendor/openbsm/1.0-ALPHA-1, vendor/bind9/9.3.2-dougb-p1, vendor/ipfilter/4.1.10, vendor/ipfilter-sys/4-1-10, vendor/bind9/9.3.2, vendor/tzdata/tzdata2005r |
|
#
1bfa9108 |
| 26-Dec-2005 |
David Xu <davidxu@FreeBSD.org> |
Move global variable private_tss into per-cpu area.
Reviewed by: jhb
|
Revision tags: vendor/tzdata/tzdata2005q, vendor/nve/1.0.0310, release/6.0.0_cvs, release/6.0.0, vendor/acpica/20051021, vendor/acpica/20041119sysinc, vendor/wpa_supplicant/0.3-latest, vendor/groff/1.19.2, vendor/wpa_supplicant/0.3.9, vendor/bsnmp/1.11, vendor/misc-GNU/cpio/2.6 |
|
#
f726a873 |
| 15-Sep-2005 |
John Baldwin <jhb@FreeBSD.org> |
Explicitly switch to the new TSS by updating the current CPU's TSS selector and reloading it in i386_extend_pcb() rather than trying to force a context switch to reload the TSS via the TDF_NEEDRESCHE
Explicitly switch to the new TSS by updating the current CPU's TSS selector and reloading it in i386_extend_pcb() rather than trying to force a context switch to reload the TSS via the TDF_NEEDRESCHED flag. Optimizations to avoid calling cpu_switch() when the new thread was identical to the old thread defeated the attempt to force a TSS reload. Explicitly loading the new TSS is what we really want to do anyway.
PR: i386/84842 Reported by: Alexander Best arundel at h3c dot de MFC after: 1 week Reviewed by: bde (mostly)
show more ...
|
Revision tags: vendor/pf-sys/3.7.001, vendor/openssh/4.2p1, vendor/tzdata/tzdata2005m, vendor/tzdata/tzdata2005l, vendor/bind9/9.3.1p1, vendor/tcpdump/3.9.1, vendor/libpcap/0.9.1 |
|
#
bc2e774a |
| 23-Jun-2005 |
John Baldwin <jhb@FreeBSD.org> |
Various and sundry style fixes and comment cleanups.
Approved by: re (scottl)
|
Revision tags: vendor/openpam/FIGWORT, vendor/sendmail/8.13.4_1, vendor/hostapd/0.3.9, vendor/sendmail/8.13.4, vendor/OpenBSD/dhclient_openbsd_3_7, vendor/hostapd/0.3.7, vendor/wpa_supplicant/0.3.8, vendor/openssh/4.1p1, vendor/openssh/4.0p1, vendor/gcc/3.4.4-20050518, vendor/tcpdump/3.9.1-096, vendor/libpcap/0.9.1-096, vendor/ngatm/1.2, vendor/bsnmp/1.10, vendor/misc-GNU/texinfo/4.8, vendor/NetBSD/lukemftp/20050516, vendor/tnftp/20050516, vendor/one-true-awk/20050424, vendor/bzip2/1.0.3, vendor/libregex/fedora-glibc-2.3.4-21, release/5.4.0_cvs, release/5.4.0 |
|
#
9b2dc15c |
| 06-May-2005 |
Colin Percival <cperciva@FreeBSD.org> |
Correctly validate inputs to the i386_get_ldt syscall.
Security: FreeBSD-SA-05:07.ldt
|
Revision tags: vendor/NetBSD/regress_resolv_20050504, vendor/pf/3.7, vendor/pf-sys/3.7, vendor/bsnmp/1.9, vendor/ipfilter/4.1.8, vendor/ipfilter-sys/4-1-8, vendor/zlib/1.2.2 |
|
#
9a045ca1 |
| 19-Apr-2005 |
David Xu <davidxu@FreeBSD.org> |
Further narrow down critical region of FSBASE code.
|
#
4b1fa239 |
| 19-Apr-2005 |
David Xu <davidxu@FreeBSD.org> |
Use critical section functions rather than scheduler lock to protect critical region.
|
#
4740f543 |
| 14-Apr-2005 |
Peter Wemm <peter@FreeBSD.org> |
Allow user processes to completely empty out their LDT, now that user processes run from segment selectors that live in the GDT. Doing this used to be equivalent to committing suicide, but now this
Allow user processes to completely empty out their LDT, now that user processes run from segment selectors that live in the GDT. Doing this used to be equivalent to committing suicide, but now this is a NOP.
show more ...
|
#
e0ab2c6d |
| 13-Apr-2005 |
Peter Wemm <peter@FreeBSD.org> |
Change the segment limits to 4GB, we set the user accessible bit on all of the kernel address space already. Intel recommend this anyway, because using a non-4GB limit adds an additional clock cycle
Change the segment limits to 4GB, we set the user accessible bit on all of the kernel address space already. Intel recommend this anyway, because using a non-4GB limit adds an additional clock cycle to address generation. We were able to install 4GB segments into the LDT, so any limits we imposed on %cs and %ds were academic anyway. More importantly, this allows us to make a page in the kernel readable to user applications, for holding things like the signal trampoline and other fun things.
Move the user %cs/%ds segments from the LDT to the GDT. There was no good reason for them to be there anyway. The old LDT entries are still there but we can now relax the restriction that prevented users from emptying the default LDT entries.
Putting user and kernel %cs and %ds together allows us to access the fast sysenter/sysexit/syscall/sysret instructions. syscall/sysret in particular require that the user/kernel segments be laid out this way. Reserve a slot specifically for NDIS while here.
Create two user controllable slots in the GDT that are context switched with the (kernel) thread. This allows user applications to set two user privilige selectors to arbitary values. Create i386_set_fsbase(void *base) and friends. (get/set, fs/gs). For i386, %gs is used by tls and the thread libraries and this means that user processes no longer have to have the cost of having a custom LDT, and we will no longer to do a ldt switch when activating a kthread/ithread in the usual case any more.
In other words, we can now set the base address for %fs and %gs to arbitary addresses without the pain of messing with ldt segments.
show more ...
|
#
8a4d2b06 |
| 23-Mar-2005 |
David Schultz <das@FreeBSD.org> |
Bounds check the length parameter to i386_set_ldt() before passing it to kmem_alloc(). Failure to do this made it possible for user processes to cause a hard lock on i386 kernels. I believe this on
Bounds check the length parameter to i386_set_ldt() before passing it to kmem_alloc(). Failure to do this made it possible for user processes to cause a hard lock on i386 kernels. I believe this only affects 6-CURRENT on or after 2005-01-26.
Found by: Coverity Prevent analysis tool Security: Local DOS
show more ...
|
Revision tags: vendor/bind9/9.3.1, vendor/nve/1.0.0301, vendor/bsnmp/1.8, vendor/openssl/0.9.7e, vendor/heimdal/0.6.3, vendor/NetBSD/lukemftp/20050219, vendor/tnftp/20050219, vendor/sendmail/8.13.3, vendor/netcat/20050204, vendor/openpam/FETERITA |
|
#
84569dff |
| 26-Jan-2005 |
Maxim Sobolev <sobomax@FreeBSD.org> |
o Move copyin()/copyout() out of i386_{get,set}_ldt() and i386_{get,set}_ioperm() and make those APIs visible in the kernel namespace;
o use i386_{get,set}_ldt() and i386_{get,set}_ioperm() instea
o Move copyin()/copyout() out of i386_{get,set}_ldt() and i386_{get,set}_ioperm() and make those APIs visible in the kernel namespace;
o use i386_{get,set}_ldt() and i386_{get,set}_ioperm() instead of sysarch() in the linuxlator, which allows to kill another two stackgaps.
MFC after: 2 weeks
show more ...
|
Revision tags: release/4.11.0_cvs, release/4.11.0 |
|
#
753d1af1 |
| 30-Dec-2004 |
John Baldwin <jhb@FreeBSD.org> |
Use NULL instead of 0 in a few places as well as various whitespace fixes.
|
Revision tags: vendor/file/4.12, vendor/ath/0.9.14.9, vendor/tzdata/tzdata2004g, vendor/acpica/20041119 |
|
#
6004362e |
| 27-Nov-2004 |
David Schultz <das@FreeBSD.org> |
Don't include sys/user.h merely for its side-effect of recursively including other headers.
|
Revision tags: release/5.3.0_cvs, release/5.3.0, vendor/openssh/3.9p1, vendor/libreadline/5.0p1-p5, vendor/libreadline/5.0, vendor/tzdata/tzdata2004e, vendor/gcc/3.4.2-20041014, vendor/ngatm/1.1.1, vendor/libbegemot/1.1.1, vendor/bind9/9.3.0, vendor/bind9/9.3.0rc4, vendor/pf/3.5.001, vendor/NetBSD/lukemftpd/20040809, vendor/isc-dhcp/3.0.1, vendor/openssl/0.9.7-dev, vendor/pf-sys/3.5.004, vendor/pf-sys/3.5.003, vendor/misc-GNU/sort/20040812, vendor/gcc/3.4.2-20040728, vendor/ngatm/1.1, vendor/file/4.10, vendor/bsnmp/1.7, vendor/sendmail/8.13.1, vendor/ntp/4.2.0, vendor/pf-sys/3.5.002, vendor/tcsh/6.13, vendor/ngatm/1.0, vendor/amd/6.0.10p1, vendor/misc-GNU/grep/2.5.1, vendor/libregex/from-grep-2.5.1, vendor/misc-GNU/sort/5.2.1, vendor/acpica/20040527, vendor/zlib/1.2.1, vendor/isc-dhcp/3.0.1rc14, vendor/gdb/marcel_contrib, vendor/ipfilter/3.4.35, vendor/ipfilter-sys/3-4-35, vendor/tzcode/tzcode2004a, vendor/pf-sys/3.5.001, vendor/pf/3.5, vendor/pf-sys/3.5, vendor/altq/20040607, vendor/misc-GNU/cvs/1.11.17, release/4.10.0_cvs, release/4.10.0, vendor/acpica/20040514, vendor/libuwx/BETA7, vendor/pf-sys/3.4.003, vendor/NetBSD/lukemftp/20040426, vendor/tnftp/20040426, vendor/openssh/3.8.1p1, vendor/less/v381, vendor/misc-GNU/cvs/1.11.15, vendor/bsnmp/1.6, vendor/acpica/20040402, vendor/pf-sys/3.4.002 |
|
#
f36cfd49 |
| 07-Apr-2004 |
Warner Losh <imp@FreeBSD.org> |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson.
Approved by: core, peter, alc, rwatson
|